[Openvas-commits] r3345 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue May 12 22:04:53 CEST 2009 

Author: mime
Date: 2009-05-12 22:04:51 +0200 (Tue, 12 May 2009)
New Revision: 3345

Added:
   trunk/openvas-plugins/scripts/TYPSoft_ftp_server_34901.nasl
   trunk/openvas-plugins/scripts/aas_34911.nasl
   trunk/openvas-plugins/scripts/aas_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-12 17:06:39 UTC (rev 3344)
+++ trunk/openvas-plugins/ChangeLog	2009-05-12 20:04:51 UTC (rev 3345)
@@ -1,3 +1,9 @@
+2009-05-12 Michael Meyer <mime at gmx.de>
+	* scripts/aas_detect.nasl,
+	scripts/TYPSoft_ftp_server_34901.nasl,
+	scripts/aas_34911.nasl:
+	Added new plugins
+
 2009-05-12 Thomas Reinke <reinke at securityspace.com>
 	* grammatical typo fixed in sendmail_expn.nasl (100072)
 2009-05-12 Thomas Reinke <reinke at securityspace.com>

Added: trunk/openvas-plugins/scripts/TYPSoft_ftp_server_34901.nasl
===================================================================
--- trunk/openvas-plugins/scripts/TYPSoft_ftp_server_34901.nasl	2009-05-12 17:06:39 UTC (rev 3344)
+++ trunk/openvas-plugins/scripts/TYPSoft_ftp_server_34901.nasl	2009-05-12 20:04:51 UTC (rev 3345)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# TYPSoft FTP Server 'ABORT' Command Remote Denial of Service
+# Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
+
+if(description)
+{
+  script_id(100198);
+  script_bugtraq_id(34901);
+  script_version("1.0");
+
+  desc["english"] = "
+  Overview:
+
+   TYPSoft FTP Server is prone to a remote denial-of-service
+   vulnerability.
+
+   This issue allows remote attackers to cause the affected server to
+   stop responding, denying service to legitimate users.
+
+   TYPSoft FTP Server 1.11 is vulnerable; other versions may also be
+   affected. 
+
+  See also:
+   http://www.securityfocus.com/bid/34901
+
+  Risk factor : Medium";
+
+  script_name(english:"TYPSoft FTP Server 'ABORT' Command Remote Denial of Service Vulnerability");
+  script_description(english:desc["english"]);
+  script_summary(english:"Determine if TYPSoft FTP Server Version <= 1.11");
+  
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Michael Meyer");
+  script_family(english:"FTP");
+  script_dependencies("find_service.nes","secpod_ftp_anonymous.nasl","ftpserver_detect_type_nd_version.nasl");
+  script_require_ports("Services/ftp", 21);
+  exit(0);
+}
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+port = get_kb_item("Services/ftp");
+if(!port){
+  port = 21;
+}
+
+if(get_kb_item('ftp/'+port+'/broken'))exit(0);
+
+if(!get_port_state(port)){
+  exit(0);
+}
+
+if( ! banner = get_ftp_banner(port) ) exit(0);
+if( ! egrep(pattern:"TYPSoft FTP Server", string: banner) )exit(0);
+
+version = eregmatch(pattern:"TYPSoft FTP Server ([0-9.]+)", string: banner);
+
+if( ! isnull(version[1]) ) {
+
+    if( version_is_less_equal(version:version[1], test_version:"1.11") ) {
+	security_warning(port: port);
+	exit(0);
+
+    }  
+}  
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/TYPSoft_ftp_server_34901.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/aas_34911.nasl
===================================================================
--- trunk/openvas-plugins/scripts/aas_34911.nasl	2009-05-12 17:06:39 UTC (rev 3344)
+++ trunk/openvas-plugins/scripts/aas_34911.nasl	2009-05-12 20:04:51 UTC (rev 3345)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# A-A-S Application Access Server Multiple Vulnerabilities
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100197);
+ script_bugtraq_id(34911);
+ script_cve_id("CVE-2009-1464","CVE-2009-1465","CVE-2009-1466");
+ script_version ("1.0");
+
+ script_name(english:"A-A-S Application Access Server Multiple Vulnerabilities");
+ desc["english"] = "
+
+ Overview:
+  According to its version number, the remote version of A-A-S
+  Application Access Server is prone to multiple security issues
+  including a cross-site request-forgery vulnerability, an
+  insecure-default-password vulnerability and an
+  information-disclosure vulnerability.
+
+  Attackers can exploit these issues to run privileged commands on the
+  affected computer and gain unauthorized administrative access to the
+  affected application and the underlying system.
+
+  These issues affect version 2.0.48; other versions may also be
+  affected. 
+
+ See also:
+  http://www.securityfocus.com/bid/34911
+
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if A-A-S Application Access Server Version == 2.0.48");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("aas_detect.nasl");
+ script_require_ports("Services/www", 6262);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:6262);
+
+if(!get_port_state(port))exit(0);
+
+if(!vers = get_kb_item(string("www/", port, "/aas")))exit(0);
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_equal(version: vers, test_version: "2.0.48")) {
+      security_hole(port:port);
+      exit(0);
+  }  
+
+}
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/aas_34911.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/aas_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/aas_detect.nasl	2009-05-12 17:06:39 UTC (rev 3344)
+++ trunk/openvas-plugins/scripts/aas_detect.nasl	2009-05-12 20:04:51 UTC (rev 3345)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# A A S Application Access Server Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+  The A A S Application Access Server is running at this port. The A A S
+  Application Access Server makes the PC administration possible
+  over LAN and WANs. 
+
+ See also:
+  http://www.klinzmann.name/a-a-s/index_en.html
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100196);
+ script_version ("1.0");
+
+ script_name(english:"A A S Application Access Server  Server Detection");  
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of A A S Application Access Server ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 8080);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:6262);
+
+if(!get_port_state(port))exit(0);
+
+ url = string("/"); 
+ req = http_get(item:url, port:port);
+ buf = http_send_recv(port:port, data:req, bodyonly:FALSE);  
+
+ if( buf == NULL )exit(0);
+ if( egrep(pattern: 'Server: AAS', string: buf, icase: TRUE) )
+ { 
+   
+    vers = string("unknown");
+
+    ### try to get version.
+    version = eregmatch(string: buf, pattern: 'Server: AAS/([0-9.]+)',icase:TRUE);
+    
+    if ( !isnull(version[1]) ) {
+       vers=version[1];
+    } 
+
+    set_kb_item(name: string("www/", port, "/aas"), value: vers);	
+
+    info = string("None\n\nA A S Application Access Server Version '");
+    info += string(vers);
+    info += string("' was detected on the remote host\n");
+
+    desc = ereg_replace(
+        string:desc["english"],
+        pattern:"None$",
+        replace:info
+    );    
+       
+       if(report_verbosity > 0) {
+         security_note(port:port,data:string(desc));
+         exit(0);
+       }	 
+  
+ }
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/aas_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

More information about the Openvas-commits mailing list