[Openvas-commits] r3272 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu May 7 14:39:06 CEST 2009


Author: chandra
Date: 2009-05-07 14:39:04 +0200 (Thu, 07 May 2009)
New Revision: 3272

Added:
   trunk/openvas-plugins/scripts/gb_dotproject_detect.nasl
   trunk/openvas-plugins/scripts/gb_dotproject_priv_escalation_vuln.nasl
   trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_lin.nasl
   trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_win.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_dos_vuln.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_mult_xss_vuln_may09.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_settimeout_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_google_chrome_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_ms_gdiplus_png_infinite_loop_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_dos_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/ChangeLog	2009-05-07 12:39:04 UTC (rev 3272)
@@ -1,3 +1,16 @@
+2009-05-07 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_google_chrome_settimeout_xss_vuln.nasl,
+	scripts/gb_google_chrome_mult_xss_vuln_may09.nasl,
+	scripts/gb_google_chrome_xss_vuln.nasl,
+	scripts/gb_dotproject_detect.nasl,
+	scripts/secpod_trendmicro_officescan_dos_vuln.nasl,
+	scripts/gb_google_chrome_dos_vuln.nasl,
+	scripts/gb_firefox_dos_vuln_may09_lin.nasl,
+	scripts/gb_dotproject_priv_escalation_vuln.nasl,
+	scripts/gb_firefox_dos_vuln_may09_win.nasl,
+	scripts/gb_ms_gdiplus_png_infinite_loop_vuln.nasl:
+	Added new plugins
+
 2009-05-06 Christian Eric Edjenguele <christian.edjenguele at owasp>
 	* scripts/remote-detect-WindowsSharepointServices.nasl:
 	Minor fix. report WSS on Sun GlassFish Enterprise Server

Added: trunk/openvas-plugins/scripts/gb_dotproject_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_dotproject_detect.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_dotproject_detect.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_dotproject_detect.nasl 1935 06-05-2009 13:52:24Z may $
+#
+# dotProject Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800564);
+  script_version("Revision: 1.0 ");
+  script_name(english:"dotProject Version Detection");
+  desc["english"] = "
+  Overview: This script detects the installed version of dotProject and
+  sets the version in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Sets the KB for the version of dotProject");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Service detection");
+  script_dependencies("http_version.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+wwwPort = get_http_port(default:80);
+if(!wwwPort){
+  exit(0);
+}
+
+foreach dir (make_list("/dotproject", "/dotProject", "/Dotproject", cgi_dirs()))
+{
+  sndReq = http_get(item:string(dir, "/index.php"), port:wwwPort);
+  rcvRes = http_send_recv(port:wwwPort, data:sndReq);
+  if(rcvRes == NULL){
+    exit(0);
+  }
+
+  if("dotProject" >< rcvRes)
+  {
+    version = eregmatch(pattern:"Version ([0-9.]+)(rc[0-9])?", string:rcvRes);
+    if(version[1] != NULL)
+    {
+      if(version[2] != NULL){
+        dotVer = version[1] + "." + version[2];
+      }
+      else
+        dotVer = version[1];
+
+      set_kb_item(name:"www/" + wwwPort + "/dotProject", value:dotVer + " under " + dir);
+    }
+    exit(0);
+  }
+}
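Review bot: Inside the `foreach dir` loop, `if(rcvRes == NULL){ exit(0); }` ends the whole detection on the first request that returns nothing, so one unanswered path stops the remaining directories from being probed and no KB entry is written. Skipping to the next candidate with `if(rcvRes == NULL) continue;` keeps the scan going. The `exit(0)` at the end of the `"dotProject" >< rcvRes` branch has the same effect when a page mentions dotProject but `Version ([0-9.]+)(rc[0-9])?` does not match; moving it inside the `version[1] != NULL` block would let later directories be tried. A missed detection here silently suppresses gb_dotproject_priv_escalation_vuln.nasl, which reads this KB key.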


Property changes on: trunk/openvas-plugins/scripts/gb_dotproject_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_dotproject_priv_escalation_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_dotproject_priv_escalation_vuln.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_dotproject_priv_escalation_vuln.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_dotproject_priv_escalation_vuln.nasl 1935 06-05-2009 12:05:33Z may $
+#
+# dotProject Privilege Escalation Vulnerability.
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800565);
+  script_version("Revision: 1.0");
+  script_cve_id("CVE-2008-6747");
+  script_bugtraq_id(29679);
+  script_name(english:"dotProject Privilege Escalation Vulnerability");
+  desc["english"] = "
+
+  Overview: The host is installed with dotProject and is prone to Privilege
+  Escalation vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to improper restrictions on access to certain
+  administrative pages.
+
+  Impact:
+  Attackers can exploit this issue via specially crafted HTTP request to
+  certain administrative pages to gain administrative privileges on the
+  affected system.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  dotProject version prior to 2.1.2
+
+  Fix: Upgrade to version 2.1.2
+  http://www.dotproject.net
+
+  References:
+  http://en.securitylab.ru/nvd/378282.php
+  http://xforce.iss.net/xforce/xfdb/43019
+
+  CVSS Score:
+    CVSS Base Score     : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.0
+  Risk factor : Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of dotProject");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Privilege escalation");
+  script_dependencies("gb_dotproject_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+appPort = get_http_port(default:80);
+if(!appPort){
+  exit(0);
+}
+
+dotVer = get_kb_item("www/" + appPort + "/dotProject");
+dotVer = eregmatch(pattern:"^(.+) under (/.*)$", string:dotVer);
+if(dotVer[1] == NULL){
+  exit(0);
+}
+
+if(version_is_less(version:dotVer[1], test_version:"2.1.2")){
+  security_warning(appPort);
+}
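Review bot: The value read by `get_kb_item("www/" + appPort + "/dotProject")` can carry a release-candidate suffix, because gb_dotproject_detect.nasl in this commit stores such builds as `version[1] + "." + version[2]` (a constructed example would be `2.1.2.rc1`). How `version_is_less` orders that against `"2.1.2"` is decided in version_func.inc, which is not shown here, so a 2.1.2 release candidate may or may not be reported. A comment above the comparison would help, such as `# KB value is "<version>[.rcN] under <dir>"; result is inferred from the banner version only, the admin pages are not requested`. That also records for maintainers that the check is banner-based, so an install with a backported fix would still be flagged.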


Property changes on: trunk/openvas-plugins/scripts/gb_dotproject_priv_escalation_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_lin.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_lin.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_dos_vuln_may09_lin.nasl 2121 -05-05-2009 21:25:33Z may $
+#
+# Mozilla Firefox DoS Vulnerability May-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800398);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1313");
+  script_bugtraq_id(34743);
+  script_name(english:"Mozilla Firefox DoS Vulnerability May-09 (Linux)");
+  desc["english"] = "
+
+  Overview: The host is installed with Mozilla Firefox browser and is prone
+  to Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to error in nsTextFrame::ClearTextRun function in
+  layout/generic/nsTextFrameThebes.cpp via unspecified vectors.
+
+  Impact:
+  Successful exploitation will let attackers to execute arbitrary code which
+  results in memory corruption.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Firefox version prior to 3.0.10 on Linux.
+
+  Fix: Upgrade to Firefox version 3.0.10
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  References:
+  https://rhn.redhat.com/errata/RHSA-2009-0449.html
+  https://bugzilla.mozilla.org/show_bug.cgi?id=490233
+  http://securitytracker.com/alerts/2009/Apr/1022126.html
+  http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("gb_firefox_detect_lin.nasl");
+  script_require_keys("Firefox/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+  exit(0);
+}
+
+# Grep for Firefox version < 3.0.10
+if(version_is_less(version:ffVer, test_version:"3.0.10")){
+  security_warning(0);
+}
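Review bot: The Linux check rates CVE-2009-1313 lower than its own description: the text gives a CVSS base score of 9.3 with `C:C/I:C/A:C`, yet it ends with `Risk factor: Medium` and reports through `security_warning(0)`. gb_firefox_dos_vuln_may09_win.nasl in this commit covers the same CVE with `Risk factor: High` and `security_hole(0)`. Aligning the Linux plugin (`Risk factor: High`, `security_hole(0);`) keeps the two platforms from being triaged differently for the same flaw. Separately, both plugins are filed under `Denial of Service` while their Impact paragraph speaks of arbitrary code execution; a short comment saying which of the two the advisory supports would help.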


Property changes on: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_win.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_win.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_dos_vuln_may09_win.nasl 2121 05-05-2009 20:55:33Z may $
+#
+# Mozilla Firefox DoS Vulnerability May-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800344);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1313");
+  script_bugtraq_id(34743);
+  script_name(english:"Mozilla Firefox DoS Vulnerability May-09 (Win)");
+  desc["english"] = "
+
+  Overview: The host is installed with Mozilla Firefox browser and is prone
+  to Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to error in nsTextFrame::ClearTextRun function in
+  layout/generic/nsTextFrameThebes.cpp via unspecified vectors.
+
+  Impact:
+  Successful exploitation will let attackers to execute arbitrary code which
+  results in memory corruption.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Firefox version prior to 3.0.10 on Windows.
+
+  Fix: Upgrade to Firefox version 3.0.10
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  References:
+  https://bugzilla.mozilla.org/show_bug.cgi?id=490233
+  http://securitytracker.com/alerts/2009/Apr/1022126.html
+  http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("gb_firefox_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+  exit(0);
+}
+
+# Grep for Firefox version < 3.0.10
+if(version_is_less(version:ffVer, test_version:"3.0.10")){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_firefox_dos_vuln_may09_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_google_chrome_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_dos_vuln.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_dos_vuln.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_dos_vuln.nasl 2133 06-05-2009 14:42:10Z may $
+#
+# Google Chrome Denial of Service Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800566);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1514");
+  script_bugtraq_id(34786);
+  script_name(english:"Google Chrome Denial of Service Vulnerability");
+  desc["english"] = "
+
+  Overview: The host is installed with Google Chrome and is prone to Denial
+  of Service vulnerability.
+
+  Vulnerability Insight:
+  NULL-pointer deference in browser which causes application crash through a
+  throw statement with a long exception value.
+
+  Impact:
+  Successful exploitation will let the attacker craft a malicious html file
+  and trick the user to open the malicious file which leads to denial of
+  service on the affected system.
+
+  Impact level: System
+
+  Affected Software/OS:
+  Google Chrome version 1.0.154.53 and prior.
+
+  Fix: No solution or patch is available as on 07th May 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://www.milw0rm.com/exploits/8573
+  http://en.securitylab.ru/nvd/378891.php
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.5
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(chromeVer == NULL){
+  exit(0);
+}
+
+if(version_is_less_equal(version:chromeVer, test_version:"1.0.154.53")){
+  security_warning(0);
+}
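Review bot: The comparison `version_is_less_equal(version:chromeVer, test_version:"1.0.154.53")` stops at 1.0.154.53 while the description says no fix exists as of 07th May 2009, and gb_google_chrome_mult_xss_vuln_may09.nasl in this commit already refers to 1.0.154.59. Nothing in the hunk says whether builds after .53 are fixed or merely untested, so a host on a later build is reported clean without that being established. A comment above the check would record the intent, for example `# 1.0.154.53 is the last version confirmed affected; later builds unverified, revisit when a fix is announced`. As a style point, the guard here is `chromeVer == NULL` where the other Chrome plugins in this commit use `!chromeVer`.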


Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_google_chrome_mult_xss_vuln_may09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_mult_xss_vuln_may09.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_mult_xss_vuln_may09.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_mult_xss_vuln_may09.nasl 1971 2009-05-05 10:21:58Z may $
+#
+# Google Chrome Multilpe XSS Vulnerabilities (May 09)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800561);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1412", "CVE-2009-1340");
+  script_bugtraq_id(34704);
+  script_name(english:"Google Chrome Multilpe XSS Vulnerabilities (May 09)");
+  desc["english"] = "
+
+  Overview: The host is installed with Google Chrome and is prone to
+  multiple XSS vulnerabilities.
+
+  Vulnerability Insight:
+  - Error in chromeHTML URL protocol handler, that do not satisfy the
+    IsWebSafeScheme restriction via a web page that sets document.location
+    and also that are not constructed with sufficient escaping hence when
+    invoked by Internet Explorer might open multiple tabs for unconstrained
+    protocols such as javascript: or file:.
+  - It may allow malicious URLs to bypass the same-origin policy and
+    obtain sensitive information including authentication credentials.
+
+  Impact:
+  Successful exploitation will let the attacker execute arbitrary codes and
+  XSS attack in the context of the web browser.
+
+  Affected Software/OS:
+  Google Chrome versions prior to 1.0.154.59.
+
+  Fix: Upgrade to Google Chrome version 1.0.154.59.
+  http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/34900
+  http://code.google.com/p/chromium/issues/detail?id=9860
+  http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html
+
+  CVSS Score:
+    CVSS Base Score     : 7.8 (AV:N/AC:L/Au:NR/C:C/I:N/A:N)
+    CVSS Temporal Score : 6.1
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+if(version_is_less(version:chromeVer, test_version:"1.0.154.59")){
+  security_hole(0);
+}
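Review bot: `script_name(english:"Google Chrome Multilpe XSS Vulnerabilities (May 09)")` misspells "Multiple", and this name is the string that identifies the plugin in scan output. It should read `script_name(english:"Google Chrome Multiple XSS Vulnerabilities (May 09)");`, and the header comment at the top of the file has the same typo.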


Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_mult_xss_vuln_may09.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_google_chrome_settimeout_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_settimeout_xss_vuln.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_settimeout_xss_vuln.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_settimeout_xss_vuln.nasl 1971 2009-05-05 12:47:35Z may $
+#
+# Google Chrome Timeout XSS Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800562);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1413");
+  script_name(english:"Google Chrome Timeout XSS Vulnerability");
+  desc["english"] = "
+
+  Overview: The host is installed with Google Chrome and is prone to XSS
+  vulnerability.
+
+  Vulnerability Insight:
+  Error exist when javascript: URLs with unescaped spaces and quotes are
+  processed and fails to cancel timeouts over a page transition thus enabling
+  future code execution.
+
+  Impact:
+  Successful exploitation will let the attacker execute arbitrary codes and
+  universal XSS attack in the context of the web browser.
+
+  Affected Software/OS:
+  Google Chrome version 1.0.x
+
+  Fix: No solution or patch is available as on 07th May, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/34900
+  http://code.google.com/p/chromium/issues/detail?id=9860
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score : 3.7
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+if(version_in_range(version:chromeVer, test_version:"1.0",
+                                       test_version2:"1.0.154.59")){
+  security_warning(0);
+}
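Review bot: The range in `version_in_range(version:chromeVer, test_version:"1.0", test_version2:"1.0.154.59")` does not match the description, which lists `Google Chrome version 1.0.x` as affected with no fix available. If `version_in_range` treats `test_version2` as inclusive (defined in version_func.inc, not shown), 1.0.154.59 is flagged here while gb_google_chrome_mult_xss_vuln_may09.nasl treats that build as the fix for the same Secunia advisory, and any later 1.0.x build is not flagged at all. gb_google_chrome_xss_vuln.nasl has the same gap between `2.0.x` and its `2.0.159.0` upper bound. Either the Affected text should name the bound, e.g. `Google Chrome version 1.0.154.59 and prior`, or a comment should say why the range stops there.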


Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_settimeout_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_google_chrome_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_chrome_xss_vuln.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_google_chrome_xss_vuln.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_chrome_xss_vuln.nasl 1971 2009-05-05 16:26:10Z may $
+#
+# Google Chrome XSS Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800563);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1414");
+  script_name(english:"Google Chrome XSS Vulnerability");
+  desc["english"] = "
+
+  Overview: The host is installed with Google Chrome and is prone to XSS
+  vulnerability.
+
+  Vulnerability Insight:
+  Browser allows modifications to the global objects to persist across
+  a page transition.
+
+  Impact:
+  Successful exploitation will let the attacker execute universal XSS attack
+  via unspecified vectors and to execute arbitrary codes in the context of
+  the web browser.
+
+  Affected Software/OS:
+  Google Chrome version 2.0.x
+
+  Fix: No solution or patch is available as on 07th May, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://code.google.com/p/chromium/issues/detail?id=9860
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score : 3.7
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+if(version_in_range(version:chromeVer, test_version:"2.0",
+                                       test_version2:"2.0.159.0")){
+  security_warning(0);
+}


Property changes on: trunk/openvas-plugins/scripts/gb_google_chrome_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_ms_gdiplus_png_infinite_loop_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_gdiplus_png_infinite_loop_vuln.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/gb_ms_gdiplus_png_infinite_loop_vuln.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms_gdiplus_png_infinite_loop_vuln.nasl 2009-05-04 16:11:07Z may $
+#
+# Microsoft GDIPlus PNG Infinite Loop Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800700);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1511");
+  script_bugtraq_id(34586);
+  script_name(english:"Microsoft GDIPlus PNG Infinite Loop Vulnerability");
+  desc["english"] = "
+
+  Overview : This host is running Windows XP Operating System with GDI libraries
+  installed which is prone to Infinite Loop vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused while processing crafted PNG file containing a large
+  btChunkLen value which causes the control to enter an infinite loop.
+
+  Impact:
+  Successful exploitation will let the attacker cause denial of service.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Windows XP Service Pack 3 and prior.
+
+  Fix: No solution or patch is available as on 6th May, 2009. Information
+  regarding this issue wil be updated once the solution details are available.
+  For further updates, refer http://www.microsoft.com
+
+  References:
+  http://www.milw0rm.com/exploits/8466
+
+  CVSS Score:
+    CVSS Base Score     : 7.8 (AV:N/AC:L/Au:NR/C:N/I:N/A:C)
+    CVSS Temporal Score : 7.0
+  Risk factor : High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Windows and Service Pack");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("secpod_reg_enum.nasl");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(xp:4) > 0){
+  security_hole(0);
+}
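Review bot: The final check `hotfix_check_sp(xp:4) > 0` appears to match every Windows XP host at any service-pack level, so the plugin raises a High-risk finding from the OS version alone and never inspects the GDI+ library itself. That agrees with the description's "Service Pack 3 and prior" while no fix exists, but it becomes a false positive once a patched library ships. I would record this above the check with a comment such as `# OS-level check only: flags all XP <= SP3; add a GDI+ file-version test once a fixed build is published`. The description block also omits `script_require_keys("SMB/WindowsVersion");`, which the OfficeScan plugin in this same commit declares, so this script may be scheduled against hosts where no SMB registry data was collected.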


Property changes on: trunk/openvas-plugins/scripts/gb_ms_gdiplus_png_infinite_loop_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_dos_vuln.nasl	2009-05-07 08:52:37 UTC (rev 3271)
+++ trunk/openvas-plugins/scripts/secpod_trendmicro_officescan_dos_vuln.nasl	2009-05-07 12:39:04 UTC (rev 3272)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_trendmicro_officescan_dos_vuln.nasl 1993 2009-04-28 20:07:05Z apr $
+#
+# Trend Micro OfficeScan Client Denial Of Service Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+##############################################################################
+
+if(description)
+{
+  script_id(900634);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1435");
+  script_bugtraq_id(34642);
+  script_name(english:"Trend Micro OfficeScan Client Denial Of Service Vulnerability");
+  desc["english"] = "
+
+  Overview:
+  This host is installed with Trend Micro OfficeScan Client and is prone to
+  Denial of Service Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused due to an error while scanning directories as it fails to
+  handle nested directories with excessively long names.
+
+  Impact:
+  Successful exploitation will let the attacker terminate 'NTRtScan.exe' process
+  and temporarily disable the real time scanning protection for the system by
+  crafting a directory.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Trend Micro OfficeScan 8.0 Service Pack 1
+
+  Fix: No solution or patch is available as on 06th May, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.trendmicro.com/download/engine.asp
+
+  References:
+  http://osvdb.org/53890
+  http://secunia.com/advisories/34737
+  http://www.vupen.com/english/advisories/2009/1146
+  http://www.securityfocus.com/archive/1/archive/1/502847/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 2.1 (AV:L/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 1.9
+  Risk factor :Low";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Trend Micro OfficeScan");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Denial of Service");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+include("version_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\TrendMicro\NSC\PFW";
+if(!registry_key_exists(key:key)){
+  exit(0);
+}
+
+scanPath = registry_get_sz(key:key, item:"InstallPath");
+if(!scanPath){
+  exit(0);
+}
+
+scanPath += "PccNTMon.exe";
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:scanPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:scanPath);
+
+fileVer = GetVer(file:file, share:share);
+if(fileVer != NULL)
+{
+  # OfficeScan 8.0 build 3110 and prior (SP1 Patch 1/8.0.0.3110)
+  if(version_is_less_equal(version:fileVer, test_version:"8.0.0.3110")){
+    security_warning(0);
+  }
+}
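Review bot: The two `ereg_replace` calls that split `scanPath` match only an upper-case drive letter, so an `InstallPath` stored as `c:\...` would most likely leave `share` and `file` both equal to the whole path. `GetVer` then presumably returns NULL and the host is silently treated as not vulnerable. Accepting either case closes that false negative: `pattern:"([A-Za-z]):.*"` for the share and `pattern:"[A-Za-z]:(.*)"` for the file. The line `scanPath += "PccNTMon.exe";` likewise assumes the registry value ends with a backslash, so a test for the trailing separator before appending would make the lookup robust. Separately, `version_is_less_equal` has no lower bound, so builds older than 8.0 are reported although the description names only 8.0 Service Pack 1; the existing comment above it should state whether that is intended.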


